CVE-2025-34102
CryptoLog Unauthenticated RCE via SQL Injection and Command Injection
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
3Exploited in Wild
-Decision
Descriptions
A remote code execution vulnerability exists in CryptoLog (PHP version, discontinued since 2009) due to a chained exploitation of SQL injection and command injection vulnerabilities. An unauthenticated attacker can gain shell access as the web server user by first exploiting a SQL injection flaw in login.php to bypass authentication, followed by command injection in logshares_ajax.php to execute arbitrary operating system commands. The login bypass is achieved by submitting crafted SQL via the user POST parameter. Once authenticated, the attacker can abuse the lsid POST parameter in the logshares_ajax.php endpoint to inject and execute a command using $(...) syntax, resulting in code execution under the web context. This exploitation path does not exist in the ASP.NET version of CryptoLog released since 2009.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2025-04-15 CVE Reserved
- 2025-07-10 CVE Published
- 2025-07-11 CVE Updated
- 2025-07-11 EPSS Updated
- 2025-07-11 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-20: Improper Input Validation
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
- CWE-306: Missing Authentication for Critical Function
CAPEC
- CAPEC-66: SQL Injection
- CAPEC-88: OS Command Injection
- CAPEC-115: Authentication Bypass
- CAPEC-137: Parameter Injection
References (4)
| URL | Tag | Source |
|---|---|---|
| https://vulncheck/advisories/cryptolog-unauthenticated-rce | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| - | - | - | - | - | ||||||